US20060107319A1 - Web based automated certification and accreditation (C&A) application - Google Patents
Web based automated certification and accreditation (C&A) application Download PDFInfo
- Publication number
- US20060107319A1 US20060107319A1 US10/968,880 US96888004A US2006107319A1 US 20060107319 A1 US20060107319 A1 US 20060107319A1 US 96888004 A US96888004 A US 96888004A US 2006107319 A1 US2006107319 A1 US 2006107319A1
- Authority
- US
- United States
- Prior art keywords
- automated
- information
- processes
- web based
- application
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Definitions
- C&A processes assess the entire process, from information gathering through document generation.
- the software simplifies certification and accreditation and reduces its costs by guiding users through a step-by-step process to determine risk posture and assess network and system configuration compliance with industry best practices and national and international security regulations, policies, and standards.
- the application automatically engages the appropriate security requirements according to government and/or industry best practices.
- the software then automatically generates the appropriate test procedures, processes the test results, produces a risk assessment, and allows the user to automatically publish a complete C&A package, including all appendices, in accordance with security standards and processes.
- the present software invention may provide a secure network management protocol for a computer network.
- the secure network management protocol may include a secure network management agent having a database/library and a plurality of data sources distributed throughout the computer network.
- the secure network management protocol is provided in communication with the data sources via instrumentation entities of the components.
- Embodiments of the present invention provides a secure network management agent for a computer network.
- the secure network management agent receives alerts from a plurality of data sources, harmonizes the alerts and reports harmonized alerts to an application console.
- SNMPS permits like-kind alerts from different instrumentation entities to be presented to a technician using similar formats.
- Embodiments of the present invention provide a secure network management agent for a computer network.
- the secure network management agent receives alerts from a plurality of data sources, harmonizes the alerts and reports harmonized alerts to an application console.
- FIG. 1 illustrates secure network management communications between TCP/IP, SNMP and SNMPS. This illustration provides a platform for communications between computer equipment, network devices and interfaces to telecommunications.
- FIG. 2 provides an illustration of current SNMP technology communicating with SNMPS over an IP network. This process an integrate platform for current (HP Openview, E-Trust, Firewalls, and VPN) technology and processes to communicate with SNMPS platform.
- HP Openview, E-Trust, Firewalls, and VPN an integrate platform for current
- FIG. 1 is a block diagram of an exemplary of secure management protocol communicating with SNMP, TCP/IP and the Internet with an embodiment of the present invention.
- FIG. 2 is a block diagram of a secure network management protocol system communicating with TCP/IP network and new technology constructed in accordance with an embodiment of the present invention.
Abstract
A web based automated C&A application that communicates with Computer Emergency Response Team (CERT), National Institute of Standards and Technology (NIST) and Tripwire (current security organizations) to support real-time security management and processes. Without automated C&A processes, organizations have developed multiple methodologies and acquired software tools that may or may not provide the detailed guidance for systems analysis required from an information security (IS) perspective. C&A relates to the protection of information systems against unauthorized access to or modification of information, whether in storage, processing, or transit. C&A also analyzes protection against such failures as denial of service to authorized users, unauthorized access, and agency capabilities to detect and document threats. Automated certification process reduces reliance on human intervention, in addition to providing labor and cost savings.
Description
- The lack of centralized standardization and automation of C&A processes has led the Information Technology Security community to develop separate methodologies and acquire tools that may or may not provide the detailed guidance needed to analyze systems from an information systems security perspective. Automated C&A applications assess the entire process, from information gathering through document generation. The software simplifies certification and accreditation and reduces its costs by guiding users through a step-by-step process to determine risk posture and assess network and system configuration compliance with industry best practices and national and international security regulations, policies, and standards. The application automatically engages the appropriate security requirements according to government and/or industry best practices. The software then automatically generates the appropriate test procedures, processes the test results, produces a risk assessment, and allows the user to automatically publish a complete C&A package, including all appendices, in accordance with security standards and processes.
- According to an embodiment, the present software invention may provide a secure network management protocol for a computer network. The secure network management protocol may include a secure network management agent having a database/library and a plurality of data sources distributed throughout the computer network. The secure network management protocol is provided in communication with the data sources via instrumentation entities of the components.
- Embodiments of the present invention provides a secure network management agent for a computer network. The secure network management agent receives alerts from a plurality of data sources, harmonizes the alerts and reports harmonized alerts to an application console. SNMPS permits like-kind alerts from different instrumentation entities to be presented to a technician using similar formats.
- Embodiments of the present invention provide a secure network management agent for a computer network. The secure network management agent receives alerts from a plurality of data sources, harmonizes the alerts and reports harmonized alerts to an application console.
-
FIG. 1 illustrates secure network management communications between TCP/IP, SNMP and SNMPS. This illustration provides a platform for communications between computer equipment, network devices and interfaces to telecommunications. -
FIG. 2 provides an illustration of current SNMP technology communicating with SNMPS over an IP network. This process an integrate platform for current (HP Openview, E-Trust, Firewalls, and VPN) technology and processes to communicate with SNMPS platform. -
FIG. 1 is a block diagram of an exemplary of secure management protocol communicating with SNMP, TCP/IP and the Internet with an embodiment of the present invention. -
FIG. 2 is a block diagram of a secure network management protocol system communicating with TCP/IP network and new technology constructed in accordance with an embodiment of the present invention.
Claims (1)
1. A web based automated certification and accreditation application, comprising:
1. C&A protection mechanisms and safeguards that are designed and integrated into the system and/or subsystems.
2. C&A decisions that ensure against costly retrofits and delays in fielding deploying operational information systems.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/968,880 US20060107319A1 (en) | 2004-10-21 | 2004-10-21 | Web based automated certification and accreditation (C&A) application |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/968,880 US20060107319A1 (en) | 2004-10-21 | 2004-10-21 | Web based automated certification and accreditation (C&A) application |
Publications (1)
Publication Number | Publication Date |
---|---|
US20060107319A1 true US20060107319A1 (en) | 2006-05-18 |
Family
ID=36388000
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/968,880 Abandoned US20060107319A1 (en) | 2004-10-21 | 2004-10-21 | Web based automated certification and accreditation (C&A) application |
Country Status (1)
Country | Link |
---|---|
US (1) | US20060107319A1 (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080172716A1 (en) * | 2006-09-12 | 2008-07-17 | Rajesh Talpade | IP network vulnerability and policy compliance assessment by IP device analysis |
WO2009011925A1 (en) * | 2007-07-19 | 2009-01-22 | Depalma Mark S | Systems and methods for accumulating accreditation |
US9817978B2 (en) | 2013-10-11 | 2017-11-14 | Ark Network Security Solutions, Llc | Systems and methods for implementing modular computer system security solutions |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020029280A1 (en) * | 1996-07-30 | 2002-03-07 | Holden James M. | Mixed enclave operation in a computer network |
US20020042687A1 (en) * | 2000-08-09 | 2002-04-11 | Tracy Richard P. | System, method and medium for certifying and accrediting requirements compliance |
US20070180490A1 (en) * | 2004-05-20 | 2007-08-02 | Renzi Silvio J | System and method for policy management |
-
2004
- 2004-10-21 US US10/968,880 patent/US20060107319A1/en not_active Abandoned
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020029280A1 (en) * | 1996-07-30 | 2002-03-07 | Holden James M. | Mixed enclave operation in a computer network |
US20020042687A1 (en) * | 2000-08-09 | 2002-04-11 | Tracy Richard P. | System, method and medium for certifying and accrediting requirements compliance |
US20070180490A1 (en) * | 2004-05-20 | 2007-08-02 | Renzi Silvio J | System and method for policy management |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080172716A1 (en) * | 2006-09-12 | 2008-07-17 | Rajesh Talpade | IP network vulnerability and policy compliance assessment by IP device analysis |
WO2009011925A1 (en) * | 2007-07-19 | 2009-01-22 | Depalma Mark S | Systems and methods for accumulating accreditation |
WO2009011916A1 (en) * | 2007-07-19 | 2009-01-22 | Depalma Mark S | Systems and methods for accumulating accreditation |
US20100217718A1 (en) * | 2007-07-19 | 2010-08-26 | Depalma Mark S | Systems and methods for accumulating accreditation |
US9817978B2 (en) | 2013-10-11 | 2017-11-14 | Ark Network Security Solutions, Llc | Systems and methods for implementing modular computer system security solutions |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10091220B2 (en) | Platform for protecting small and medium enterprises from cyber security threats | |
US7818249B2 (en) | Object-oriented method, system and medium for risk management by creating inter-dependency between objects, criteria and metrics | |
Montesino et al. | Information security automation: how far can we go? | |
CN107809433B (en) | Asset management method and device | |
Tsohou et al. | A security standards' framework to facilitate best practices' awareness and conformity | |
CN105139139A (en) | Data processing method, device and system for operation and maintenance audit | |
Bidou | Security operation center concepts & implementation | |
Mutemwa et al. | Integrating a security operations centre with an organization’s existing procedures, policies and information technology systems | |
Terplan | Intranet performance management | |
US8307219B2 (en) | Enterprise black box system and method for data centers | |
KR20120016732A (en) | Cloud computing system and method for security management for each tenant in multi-tenancy environment | |
US20060107319A1 (en) | Web based automated certification and accreditation (C&A) application | |
Dun et al. | Grasp on next generation security operation centre (NGSOC): Comparative study | |
WO2007072483A2 (en) | A security assessment method for use by security and cip professionals | |
Tello-Oquendo et al. | A Structured Approach to Guide the Development of Incident Management Capability for Security and Privacy. | |
Dean et al. | Toward a Zero Trust Architecture Implementation in a University Environment | |
Sievierinov et al. | Enterprise Security Operations Center | |
Welberg | Vulnerability management tools for COTS software-A comparison | |
Vulfin et al. | The architecture of the web application for protected access to the informational system of processing critically important information | |
Neises et al. | Trustworthiness in Supply Chains: A Modular Extensible Approach Applied to Industrial IoT | |
Wei et al. | On protecting industrial automation and control systems against electronic attacks | |
Pilgermann et al. | Towards sector specific security operation | |
Topala | Cybersecurity system for enterprise telecommunications resources | |
Caldeira | Security Information and Event Management (SIEM) Implementation Recommendations to Enhance Network Security | |
Napiórkowski et al. | A security subsystem design for a secret registry using RFID solutions |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |